Body:
On February 10th Microsoft announced the general availability of Multi-Factor Authentication for Office 365.
Multi-Factor Authentication for Office 365, powered by Windows Azure Multi-Factor Authentication, works exclusively with Office 365 applications at no additional cost and is managed from the Office 365 portal.
Multi-Factor Authentication for Office 365 offers a subset of Windows Azure Multi-Factor Authentication capabilities as shown in the following table:
Multi-Factor Authentication for Office 365 | Windows Azure Multi-Factor Authentication | |
Administrators can Enable/Enforce MFA to end-users |
Yes |
Yes |
Use Mobile app (online and OTP) as second authentication factor |
Yes |
Yes |
Use Phone call as second authentication factor |
Yes |
Yes |
Use SMS as second authentication factor |
Yes |
Yes |
Application passwords for non-browser clients (e.g. Outlook, Lync) |
Yes |
Yes |
Default Microsoft greetings during authentication phone calls |
Yes |
Yes |
Custom greetings during authentication phone calls |
Yes |
|
Fraud alert |
Yes |
|
MFA SDK |
Yes |
|
Security Reports |
Yes |
|
MFA for on-premises applications/ MFA Server. |
Yes |
|
One-Time Bypass |
Yes |
|
Block/Unblock Users |
Yes |
|
Customizable caller ID for authentication phone calls |
Yes |
|
Event Confirmation |
Yes |
To enable Multi-Factor Authentication for other applications, customers can purchase the Windows Azure Multi-Factor Authentication service, which offers a richest set of capabilities, additional configuration options via the Windows Azure portal, advanced reporting, and support for a range of on-premises and cloud applications. Office 365 customers that want the additional functionality can also purchase Windows Azure Multi-factor Authentication.
Multi-Factor Authentication for Windows Azure administrators
The same subset of Multi-Factor Authentication capabilities for Office 365 will be available at no cost to all Windows Azure administrators. Every administrative account of a Windows Azure subscription can now get additional protection by enabling this core multi-factor authentication functionality via Windows Azure Active Directory service. An administrator that wants to access Windows Azure portal to create a VM, deploy a web site, manage storage, use mobile services or any other Windows Azure Service can add multi-factor authentication to his administrator account.
Multi-factor Authentication various scenarios
Office 365 with Federated Id – ADFS |
Office 365 with no Federation – Windows Azure AD only |
SaaS application via Access Panel |
On-premises Apps |
Custom Apps – SDK |
|
MFA functionality available |
Yes |
Yes |
Yes |
Yes |
Yes |
Minimum Version of MFA required |
MFA for Office 365 |
MFA for Office 365 |
Windows Azure MFA |
Windows Azure MFA |
Windows Azure MFA |
MFA available for Web client |
Yes |
Yes |
Depends on Application |
Depends on Application |
Depends on Application |
MFA available for Rich client |
Yes (Application password) |
Yes (Application password) |
N/A |
N/A |
N/A |